Skip to content

[3.13] gh-146333: Fix quadratic regex backtracking in configparser option parsing (GH-146399)#148559

Merged
encukou merged 1 commit intopython:3.13from
encukou:backport-7e0a0be-3.13
Apr 15, 2026
Merged

[3.13] gh-146333: Fix quadratic regex backtracking in configparser option parsing (GH-146399)#148559
encukou merged 1 commit intopython:3.13from
encukou:backport-7e0a0be-3.13

Conversation

@encukou
Copy link
Copy Markdown
Member

@encukou encukou commented Apr 14, 2026
edited by bedevere-app bot
Loading

Use negative lookahead in option regex to prevent backtracking, and to avoid changing logic outside the regexes (since people could use the regex directly).

(cherry picked from commit 7e0a0be)

@joshuaswanson @encukou
[3.13] pythongh-146333: Fix quadratic regex backtracking in configpar…
c4fcd9c 
…ser option parsing (pythonGH-146399)

Use negative lookahead in option regex to prevent backtracking, and to avoid changing logic outside the regexes (since people could use the regex directly).
(cherry picked from commit 7e0a0be)

Co-authored-by: Joshua Swanson <22283299+joshuaswanson@users.noreply.github.com>
@encukou encukou requested a review from jaraco as a code owner April 14, 2026 15:20
@encukou encukou added needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes labels Apr 14, 2026
@bedevere-app bedevere-app bot mentioned this pull request Apr 14, 2026
Merged
@bedevere-app bedevere-app bot mentioned this pull request Apr 14, 2026
Open
@encukou encukou merged commit a5969e8 into python:3.13 Apr 15, 2026
49 checks passed
@miss-islington-app
Copy link
Copy Markdown

miss-islington-app bot commented Apr 15, 2026

Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11, 3.12.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app bot commented Apr 15, 2026

Sorry, @encukou, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker a5969e8f0fda37aaf0e2f844fdcfca9d822a70b1 3.12

@encukou encukou deleted the backport-7e0a0be-3.13 branch April 15, 2026 10:11
@miss-islington-app
Copy link
Copy Markdown

miss-islington-app bot commented Apr 15, 2026

Sorry, @encukou, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker a5969e8f0fda37aaf0e2f844fdcfca9d822a70b1 3.11

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app bot commented Apr 15, 2026

Sorry, @encukou, I could not cleanly backport this to 3.10 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker a5969e8f0fda37aaf0e2f844fdcfca9d822a70b1 3.10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jaraco jaraco Awaiting requested review from jaraco jaraco is a code owner

Assignees

@encukou encukou

Labels

needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@encukou @joshuaswanson